diff --git a/doc/arm/Bv9ARM.ch06.html b/doc/arm/Bv9ARM.ch06.html index d5e0992a1c..b2747ce8ca 100644 --- a/doc/arm/Bv9ARM.ch06.html +++ b/doc/arm/Bv9ARM.ch06.html @@ -505,10 +505,10 @@

Syntax

-
address_match_list = address_match_list_element ;
-  [ address_match_list_element; ... ]
-address_match_list_element = [ ! ] (ip_address [/length] |
-   key key_id | acl_name | { address_match_list } )
+
address_match_list = address_match_list_element ; ...
+
+address_match_list_element = [ ! ] ( ip_address | ip_prefix |
+     key key_id | acl_name | { address_match_list } )
@@ -878,9 +878,9 @@

acl Statement Grammar

-
acl acl-name {
-    address_match_list
-};
+
acl acl-name {
+    address_match_list
+};
@@ -1017,15 +1017,14 @@ geoip org "Internet Systems Consortium";

controls Statement Grammar

-
controls {
-   [ inet ( ip_addr | * ) [ port ip_port ]
-                allow {  address_match_list  }
-                keys { key_list }; ]
-   [ inet ...; ]
-   [ unix path perm number owner number group number
-     keys { key_list }; ]
-   [ unix ...; ]
-};
+
controls {
+  [ inet ( ip_addr | * ) [ port ip_port ] allow { address_match_list }
+      [ keys { key_list } ]
+  [ unix path perm number owner number group number
+      [ keys { key_list } ]
+      [ read-only yes_or_no ] ; ]
+   [ ...; ]
+};
@@ -1141,7 +1140,7 @@ geoip org "Internet Systems Consortium";

include Statement Grammar

-
include filename;
+
include filename;

@@ -1160,10 +1159,10 @@ geoip org "Internet Systems Consortium";

key Statement Grammar

-
key key_id {
-    algorithm algorithm_id;
-    secret secret_string;
-};
+
key key_id {
+    algorithm algorithm_id;
+    secret secret_string;
+};
@@ -1214,25 +1213,25 @@ geoip org "Internet Systems Consortium";

logging Statement Grammar

-
logging {
-   [ channel channel_name {
-     ( file path_name
-         [ versions ( number | unlimited ) ]
-         [ size size_spec ]
-       | syslog syslog_facility
-       | stderr
-       | null );
-     [ severity (critical | error | warning | notice |
-                 info | debug [ level ] | dynamic ); ]
-     [ print-category yes or no; ]
-     [ print-severity yes or no; ]
-     [ print-time yes or no; ]
-   }; ]
-   [ category category_name {
-     channel_name ; [ channel_name ; ... ]
-   }; ]
-   ...
-};
+
logging {
+  [ channel channel_name {
+    ( ( file path_name
+          [ versions ( number | unlimited ) ]
+          [ size size_spec ] )
+      | syslog syslog_facility
+      | stderr
+      | null ) ;
+      [ severity ( critical | error | warning | notice |
+                   info | debug [ level ] | dynamic ) ; ]
+      [ print-category yes_or_no ; ]
+      [ print-severity yes_or_no ; ]
+      [ print-time yes_or_no ; ]
+    }; ]
+  [ category category_name {
+     channel_name ; ...
+    }; ]
+    ...
+};
@@ -2139,13 +2138,15 @@ badresp:1,adberr:0,findfail:0,valfail:0] This is the grammar of the lwres statement in the named.conf file:

-
lwres {
-    [ listen-on { ip_addr [port ip_port] [dscp ip_dscp] ;
-    [ ip_addr [port ip_port] [dscp ip_dscp] ; ... ] }; ]
-    [ view view_name; ]
-    [ search { domain_name ; [ domain_name ; ... ] }; ]
-    [ ndots number; ]
-};
+
lwres {
+  [ listen-on {
+    ( ip_addr [ port ip_port ] [ dscp ip_dscp ] ; )
+      ...
+    }; ]
+  [ view view_name; ]
+  [ search { domain_name ; ... }; ]
+  [ ndots number; ]
+};
@@ -2203,8 +2204,11 @@ badresp:1,adberr:0,findfail:0,valfail:0]

masters Statement Grammar

-masters name [port ip_port] [dscp ip_dscp] { ( masters_list |
-      ip_addr [port ip_port] [key key] ) ; [...] };
+masters name [ port ip_port ] [ dscp ip_dscp ] {
+  ( masters_list ; ) |
+  ( ip_addr [ port ip_port ] [ key key ] ; )
+    ...
+};
@@ -2224,262 +2228,260 @@ badresp:1,adberr:0,findfail:0,valfail:0] This is the grammar of the options statement in the named.conf file:

-
options {
-    [ attach-cache cache_name; ]
-    [ version version_string; ]
-    [ hostname hostname_string; ]
-    [ server-id server_id_string; ]
-    [ directory path_name; ]
-    [ geoip-directory path_name; ]
-    [ key-directory path_name; ]
-    [ managed-keys-directory path_name; ]
-    [ named-xfer path_name; ]
-    [ tkey-gssapi-keytab path_name; ]
-    [ tkey-gssapi-credential principal; ]
-    [ tkey-domain domainname; ]
-    [ tkey-dhkey key_name key_tag; ]
-    [ cache-file path_name; ]
-    [ dump-file path_name; ]
-    [ bindkeys-file path_name; ]
-    [ secroots-file path_name; ]
-    [ session-keyfile path_name; ]
-    [ session-keyname key_name; ]
-    [ session-keyalg algorithm_id; ]
-    [ memstatistics yes_or_no; ]
-    [ memstatistics-file path_name; ]
-    [ pid-file path_name; ]
-    [ recursing-file path_name; ]
-    [ statistics-file path_name; ]
-    [ zone-statistics full | terse | none; ]
-    [ auth-nxdomain yes_or_no; ]
-    [ deallocate-on-exit yes_or_no; ]
-    [ dialup dialup_option; ]
-    [ fake-iquery yes_or_no; ]
-    [ fetch-glue yes_or_no; ]
-    [ flush-zones-on-shutdown yes_or_no; ]
-    [ has-old-clients yes_or_no; ]
-    [ host-statistics yes_or_no; ]
-    [ host-statistics-max number; ]
-    [ minimal-responses yes_or_no; ]
-    [ multiple-cnames yes_or_no; ]
-    [ notify yes_or_no | explicit | master-only; ]
-    [ recursion yes_or_no; ]
-    [ request-sit yes_or_no; ]
-    [ nosit-udp-size number ; ]
-    [ sit-secret secret_string ; ]
-    [ request-nsid yes_or_no; ]
-    [ rfc2308-type1 yes_or_no; ]
-    [ use-id-pool yes_or_no; ]
-    [ maintain-ixfr-base yes_or_no; ]
-    [ ixfr-from-differences (yes_or_no | master | slave); ]
-    [ auto-dnssec allow|maintain|off; ]
-    [ dnssec-enable yes_or_no; ]
-    [ dnssec-validation (yes_or_no | auto); ]
-    [ dnssec-lookaside ( auto |
-                        no |
-                        domain trust-anchor domain ); ]
-    [ dnssec-must-be-secure domain yes_or_no; ]
-    [ dnssec-accept-expired yes_or_no; ]
-    [ forward ( only | first ); ]
-    [ forwarders { [ ip_addr [port ip_port] [dscp ip_dscp] ; ... ] }; ]
-    [ dual-stack-servers [port ip_port] [dscp ip_dscp] {
-        ( domain_name [port ip_port] [dscp ip_dscp] |
-          ip_addr [port ip_port] [dscp ip_dscp]) ;
-        ... }; ]
-    [ check-names ( master | slave | response )
-        ( warn | fail | ignore ); ]
-    [ check-dup-records ( warn | fail | ignore ); ]
-    [ check-mx ( warn | fail | ignore ); ]
-    [ check-wildcard yes_or_no; ]
-    [ check-integrity yes_or_no; ]
-    [ check-mx-cname ( warn | fail | ignore ); ]
-    [ check-srv-cname ( warn | fail | ignore ); ]
-    [ check-sibling yes_or_no; ]
-    [ check-spf ( warn | ignore ); ]
-    [ allow-new-zones { yes_or_no }; ]
-    [ allow-notify { address_match_list }; ]
-    [ allow-query { address_match_list }; ]
-    [ allow-query-on { address_match_list }; ]
-    [ allow-query-cache { address_match_list }; ]
-    [ allow-query-cache-on { address_match_list }; ]
-    [ allow-transfer { address_match_list }; ]
-    [ allow-recursion { address_match_list }; ]
-    [ allow-recursion-on { address_match_list }; ]
-    [ allow-update { address_match_list }; ]
-    [ allow-update-forwarding { address_match_list }; ]
-    [ update-check-ksk yes_or_no; ]
-    [ dnssec-update-mode ( maintain | no-resign ); ]
-    [ dnssec-dnskey-kskonly yes_or_no; ]
-    [ dnssec-loadkeys-interval number; ]
-    [ dnssec-secure-to-insecure yes_or_no ;]
-    [ try-tcp-refresh yes_or_no; ]
-    [ allow-v6-synthesis { address_match_list }; ]
-    [ blackhole { address_match_list }; ]
-    [ no-case-compress { address_match_list }; ]
-    [ use-v4-udp-ports { port_list }; ]
-    [ avoid-v4-udp-ports { port_list }; ]
-    [ use-v6-udp-ports { port_list }; ]
-    [ avoid-v6-udp-ports { port_list }; ]
-    [ listen-on [ port ip_port ] [dscp ip_dscp] { address_match_list }; ]
-    [ listen-on-v6 [ port ip_port] [dscp ip_dscp]
-{ address_match_list }; ]
-    [ query-source ( ( ip4_addr | * )
-        [ port ( ip_port | * ) ]
-        [ dscp ip_dscp] |
-        [ address ( ip4_addr | * ) ]
-        [ port ( ip_port | * ) ] )
-        [ dscp ip_dscp] ; ]
-    [ query-source-v6 ( ( ip6_addr | * )
-        [ port ( ip_port | * ) ]
-        [ dscp ip_dscp] |
-        [ address ( ip6_addr | * ) ]
-        [ port ( ip_port | * ) ] )
-        [ dscp ip_dscp] ; ]
-    [ use-queryport-pool yes_or_no; ]
-    [ queryport-pool-ports number; ]
-    [ queryport-pool-updateinterval number; ]
-    [ max-records number; ]
-    [ max-transfer-time-in number; ]
-    [ max-transfer-time-out number; ]
-    [ max-transfer-idle-in number; ]
-    [ max-transfer-idle-out number; ]
-    [ reserved-sockets number; ]
-    [ recursive-clients number; ]
-    [ tcp-clients number; ]
-    [ clients-per-query number ; ]
-    [ max-clients-per-query number ; ]
-    [ fetches-per-server number [(drop | fail)]; ]
-    [ fetch-quota-params number fixedpoint fixedpoint fixedpoint ; ]
-    [ fetches-per-zone number [(drop | fail)]; ]
-    [ serial-query-rate number; ]
-    [ serial-queries number; ]
-    [ tcp-listen-queue number; ]
-    [ transfer-format ( one-answer | many-answers ); ]
-    [ transfers-in  number; ]
-    [ transfers-out number; ]
-    [ transfers-per-ns number; ]
-    [ transfer-source (ip4_addr | *) [port ip_port] [dscp ip_dscp] ; ]
-    [ transfer-source-v6 (ip6_addr | *) [port ip_port] [dscp ip_dscp] ; ]
-    [ alt-transfer-source (ip4_addr | *) [port ip_port] [dscp ip_dscp] ; ]
-    [ alt-transfer-source-v6 (ip6_addr | *) [port ip_port] [dscp ip_dscp] ; ]
-    [ use-alt-transfer-source yes_or_no; ]
-    [ notify-delay seconds ; ]
-    [ notify-source (ip4_addr | *) [port ip_port] [dscp ip_dscp] ; ]
-    [ notify-source-v6 (ip6_addr | *) [port ip_port] [dscp ip_dscp] ; ]
-    [ notify-to-soa yes_or_no ; ]
-    [ also-notify [port ip_port] [dscp ip_dscp] { ( masters | ip_addr
-                    [port ip_port] ) [key keyname] ; ... }; ]
-    [ max-ixfr-log-size number; ]
-    [ max-journal-size size_spec; ]
-    [ coresize size_spec ; ]
-    [ datasize size_spec ; ]
-    [ files size_spec ; ]
-    [ stacksize size_spec ; ]
-    [ cleaning-interval number; ]
-    [ heartbeat-interval number; ]
-    [ interface-interval number; ]
-    [ statistics-interval number; ]
-    [ topology { address_match_list }];
-    [ sortlist { address_match_list }];
-    [ rrset-order { order_spec ; [ order_spec ; ... ] ] };
-    [ lame-ttl number; ]
-    [ max-ncache-ttl number; ]
-    [ max-cache-ttl number; ]
-    [ max-zone-ttl ( unlimited | number ; ]
-    [ serial-update-method increment|unixtime|date; ]
-    [ sig-validity-interval number [number] ; ]
-    [ sig-signing-nodes number ; ]
-    [ sig-signing-signatures number ; ]
-    [ sig-signing-type number ; ]
-    [ min-roots number; ]
-    [ use-ixfr yes_or_no ; ]
-    [ provide-ixfr yes_or_no; ]
-    [ request-ixfr yes_or_no; ]
-    [ treat-cr-as-space yes_or_no ; ]
-    [ min-refresh-time number ; ]
-    [ max-refresh-time number ; ]
-    [ min-retry-time number ; ]
-    [ max-retry-time number ; ]
-    [ port ip_port; ]
-    [ dscp ip_dscp] ;
-    [ additional-from-auth yes_or_no ; ]
-    [ additional-from-cache yes_or_no ; ]
-    [ random-device path_name ; ]
-    [ max-cache-size size_spec ; ]
-    [ match-mapped-addresses yes_or_no; ]
-    [ filter-aaaa-on-v4 ( yes_or_no | break-dnssec ); ]
-    [ filter-aaaa-on-v6 ( yes_or_no | break-dnssec ); ]
-    [ filter-aaaa { address_match_list }; ]
-    [ dns64 ipv6-prefix {
-        [ clients { address_match_list }; ]
-        [ mapped { address_match_list }; ]
-        [ exclude { address_match_list }; ]
-        [ suffix IPv6-address; ]
-        [ recursive-only yes_or_no; ]
-        [ break-dnssec yes_or_no; ]
-    }; ];
-    [ dns64-server name ]
-    [ dns64-contact name ]
-    [ preferred-glue ( A | AAAA | NONE ); ]
-    [ edns-udp-size number; ]
-    [ max-udp-size number; ]
-    [ max-rsa-exponent-size number; ]
-    [ root-delegation-only [ exclude { namelist } ] ; ]
-    [ querylog yes_or_no ; ]
-    [ disable-algorithms domain { algorithm;
-                                [ algorithm; ] }; ]
-    [ disable-ds-digests domain { digest_type;
-                                [ digest_type; ] }; ]
-    [ acache-enable yes_or_no ; ]
-    [ acache-cleaning-interval number; ]
-    [ max-acache-size size_spec ; ]
-    [ max-recursion-depth number ; ]
-    [ max-recursion-queries number ; ]
-    [ masterfile-format
-            (text|raw|map) ; ]
-    [ empty-server name ; ]
-    [ empty-contact name ; ]
-    [ empty-zones-enable yes_or_no ; ]
-    [ disable-empty-zone zone_name ; ]
-    [ zero-no-soa-ttl yes_or_no ; ]
-    [ zero-no-soa-ttl-cache yes_or_no ; ]
-    [ resolver-query-timeout number ; ]
-    [ deny-answer-addresses { address_match_list } [ except-from { namelist } ];]
-    [ deny-answer-aliases { namelist } [ except-from { namelist } ];]
-    [ prefetch number [number] ; ]
-
-    [ rate-limit {
-        [ responses-per-second number ; ]
-        [ referrals-per-second number ; ]
-        [ nodata-per-second number ; ]
-        [ nxdomains-per-second number ; ]
-        [ errors-per-second number ; ]
-        [ all-per-second number ; ]
-        [ window number ; ]
-        [ log-only yes_or_no ; ]
-        [ qps-scale number ; ]
-        [ ipv4-prefix-length number ; ]
-        [ ipv6-prefix-length number ; ]
-        [ slip number ; ]
-        [ exempt-clients  { address_match_list } ; ]
-        [ max-table-size number ; ]
-        [ min-table-size number ; ]
-    } ; ]
-    [ response-policy {
-        zone zone_name
-        [ policy (given | disabled | passthru | drop |
-                  nxdomain | nodata | cname domain) ]
-        [ recursive-only yes_or_no ]
-        [ max-policy-ttl number ]
-        ; [...]
-    } [ recursive-only yes_or_no ]
-      [ max-policy-ttl number ]
-      [ break-dnssec yes_or_no ]
-      [ min-ns-dots number ]
-      [ qname-wait-recurse yes_or_no ]
-      [ automatic-interface-scan yes_or_no ]
-    ; ]
-};
+
options {
+  [ attach-cache cache_name ; ]
+  [ version version_string ; ]
+  [ hostname hostname_string ; ]
+  [ server-id server_id_string ; ]
+  [ directory path_name ; ]
+  [ geoip-directory path_name ; ]
+  [ key-directory path_name ; ]
+  [ managed-keys-directory path_name ; ]
+  [ named-xfer path_name ; ]
+  [ tkey-gssapi-keytab path_name ; ]
+  [ tkey-gssapi-credential principal ; ]
+  [ tkey-domain domain_name ; ]
+  [ tkey-dhkey key_name key_tag ; ]
+  [ cache-file path_name ; ]
+  [ dump-file path_name ; ]
+  [ bindkeys-file path_name ; ]
+  [ secroots-file path_name ; ]
+  [ session-keyfile path_name ; ]
+  [ session-keyname key_name ; ]
+  [ session-keyalg algorithm_id ; ]
+  [ memstatistics yes_or_no ; ]
+  [ memstatistics-file path_name ; ]
+  [ pid-file path_name ; ]
+  [ recursing-file path_name ; ]
+  [ statistics-file path_name ; ]
+  [ zone-statistics ( full | terse | none ) ; ]
+  [ auth-nxdomain yes_or_no ; ]
+  [ deallocate-on-exit yes_or_no ; ]
+  [ dialup dialup_option ; ]
+  [ fake-iquery yes_or_no ; ]
+  [ fetch-glue yes_or_no ; ]
+  [ flush-zones-on-shutdown yes_or_no ; ]
+  [ has-old-clients yes_or_no ; ]
+  [ host-statistics yes_or_no ; ]
+  [ host-statistics-max number ; ]
+  [ minimal-responses yes_or_no ; ]
+  [ multiple-cnames yes_or_no ; ]
+  [ notify ( yes_or_no | explicit | master-only ) ; ]
+  [ recursion yes_or_no ; ]
+  [ request-sit yes_or_no ; ]
+  [ nosit-udp-size number ; ]
+  [ sit-secret secret_string ; ]
+  [ request-nsid yes_or_no ; ]
+  [ rfc2308-type1 yes_or_no ; ]
+  [ use-id-pool yes_or_no ; ]
+  [ maintain-ixfr-base yes_or_no ; ]
+  [ ixfr-from-differences ( yes_or_no | master | slave ) ; ]
+  [ auto-dnssec ( allow | maintain | off ) ; ]
+  [ dnssec-enable yes_or_no ; ]
+  [ dnssec-validation ( yes_or_no | auto ) ; ]
+  [ dnssec-lookaside ( auto | no | domain trust-anchor domain ) ; ]
+  [ dnssec-must-be-secure domain yes_or_no ; ]
+  [ dnssec-accept-expired yes_or_no ; ]
+  [ forward ( only | first ) ; ]
+  [ forwarders {
+      ( ip_addr [ port ip_port ] [ dscp ip_dscp ] ; )
+        ...
+    } ; ]
+  [ dual-stack-servers [ port ip_port ] [ dscp ip_dscp ] {
+      ( ( domain_name | ip_addr ) [ port ip_port ] [ dscp ip_dscp ] ; )
+        ...
+    } ; ]
+  [ check-names ( master | slave | response )
+                ( warn | fail | ignore ) ; ]
+  [ check-dup-records ( warn | fail | ignore ) ; ]
+  [ check-mx ( warn | fail | ignore ) ; ]
+  [ check-wildcard yes_or_no ; ]
+  [ check-integrity yes_or_no ; ]
+  [ check-mx-cname ( warn | fail | ignore ) ; ]
+  [ check-srv-cname ( warn | fail | ignore ) ; ]
+  [ check-sibling yes_or_no ; ]
+  [ check-spf ( warn | ignore ) ; ]
+  [ allow-new-zones yes_or_no ; ]
+  [ allow-notify { address_match_list } ; ]
+  [ allow-query { address_match_list } ; ]
+  [ allow-query-on { address_match_list } ; ]
+  [ allow-query-cache { address_match_list } ; ]
+  [ allow-query-cache-on { address_match_list } ; ]
+  [ allow-transfer { address_match_list } ; ]
+  [ allow-recursion { address_match_list } ; ]
+  [ allow-recursion-on { address_match_list } ; ]
+  [ allow-update { address_match_list } ]
+  [ allow-update-forwarding { address_match_list } ; ]
+  [ automatic-interface-scan yes_or_no ; ]
+  [ update-check-ksk yes_or_no ; ]
+  [ dnssec-update-mode ( maintain | no-resign ) ; ]
+  [ dnssec-dnskey-kskonly yes_or_no ; ]
+  [ dnssec-loadkeys-interval number ; ]
+  [ dnssec-secure-to-insecure yes_or_no ; ]
+  [ try-tcp-refresh yes_or_no ; ]
+  [ allow-v6-synthesis { address_match_list } ; ]
+  [ blackhole { address_match_list } ; ]
+  [ no-case-compress { address_match_list } ; ]
+  [ use-v4-udp-ports { port_list } ; ]
+  [ avoid-v4-udp-ports { port_list } ; ]
+  [ use-v6-udp-ports { port_list } ; ]
+  [ avoid-v6-udp-ports { port_list } ; ]
+  [ listen-on [ port ip_port ] [ dscp ip_dscp ] { address_match_list } ; ]
+  [ listen-on-v6 [ port ip_port ] [ dscp ip_dscp ] { address_match_list } ; ]
+  [ query-source ( [ address ] ( ip4_addr | * ) )
+      [ port ( ip_port | * ) ] [ dscp ip_dscp ] ] ;
+  [ query-source-v6 ( [ address ] ( ip6_addr | * ) )
+      [ port ( ip_port | * ) ] [ dscp ip_dscp ] ] ;
+  [ use-queryport-pool yes_or_no ; ]
+  [ queryport-pool-ports number ; ]
+  [ queryport-pool-updateinterval number ; ]
+  [ max-records number ; ]
+  [ max-transfer-time-in number ; ]
+  [ max-transfer-time-out number ; ]
+  [ max-transfer-idle-in number ; ]
+  [ max-transfer-idle-out number ; ]
+  [ reserved-sockets number ; ]
+  [ recursive-clients number ; ]
+  [ tcp-clients number ; ]
+  [ clients-per-query number ; ]
+  [ max-clients-per-query number ; ]
+  [ fetches-per-server number [ ( drop | fail ) ] ; ]
+  [ fetches-per-zone number [ ( drop | fail ) ] ; ]
+  [ fetch-quota-params number fixedpoint fixedpoint fixedpoint ; ]
+  [ serial-query-rate number ; ]
+  [ serial-queries number ; ]
+  [ tcp-listen-queue number ; ]
+  [ transfer-format ( one-answer | many-answers ) ; ]
+  [ transfers-in  number ; ]
+  [ transfers-out number ; ]
+  [ transfers-per-ns number ; ]
+  [ transfer-source ( ip4_addr | * )
+      [ port ip_port ] [ dscp ip_dscp ] ; ]
+  [ transfer-source-v6 ( ip6_addr | * )
+      [ port ip_port ] [ dscp ip_dscp ] ; ]
+  [ alt-transfer-source ( ip4_addr | * )
+      [ port ip_port ] [ dscp ip_dscp ] ; ]
+  [ alt-transfer-source-v6 ( ip6_addr | * )
+      [ port ip_port ] [ dscp ip_dscp ] ; ]
+  [ use-alt-transfer-source yes_or_no ; ]
+  [ notify-delay seconds ; ]
+  [ notify-source ( ip4_addr | * )
+      [ port ip_port ] [ dscp ip_dscp ] ; ]
+  [ notify-source-v6 ( ip6_addr | * )
+      [ port ip_port ] [ dscp ip_dscp ] ; ]
+  [ notify-to-soa yes_or_no ; ]
+  [ also-notify [ port ip_port] [ dscp ip_dscp] {
+      ( masters | ip_addr [ port ip_port ] ) [ key key_name ] ;
+        ...
+    } ; ]
+  [ max-ixfr-log-size number ; ]
+  [ max-journal-size size_spec ; ]
+  [ coresize size_spec ; ]
+  [ datasize size_spec ; ]
+  [ files size_spec ; ]
+  [ stacksize size_spec ; ]
+  [ cleaning-interval number ; ]
+  [ heartbeat-interval number ; ]
+  [ interface-interval number ; ]
+  [ statistics-interval number ; ]
+  [ topology { address_match_list } ; ]
+  [ sortlist { address_match_list } ; ]
+  [ rrset-order { order_spec ; ... } ; ]
+  [ lame-ttl number ; ]
+  [ max-ncache-ttl number ; ]
+  [ max-cache-ttl number ; ]
+  [ max-zone-ttl ( unlimited | number ) ; ]
+  [ serial-update-method ( increment | unixtime ) ; ]
+  [ sig-validity-interval number [number] ; ]
+  [ sig-signing-nodes number ; ]
+  [ sig-signing-signatures number ; ]
+  [ sig-signing-type number ; ]
+  [ min-roots number ; ]
+  [ use-ixfr yes_or_no ; ]
+  [ provide-ixfr yes_or_no ; ]
+  [ request-ixfr yes_or_no ; ]
+  [ treat-cr-as-space yes_or_no ; ]
+  [ min-refresh-time number ; ]
+  [ max-refresh-time number ; ]
+  [ min-retry-time number ; ]
+  [ max-retry-time number ; ]
+  [ port ip_port ; ]
+  [ dscp ip_dscp ; ]
+  [ additional-from-auth yes_or_no ; ]
+  [ additional-from-cache yes_or_no ; ]
+  [ random-device path_name ; ]
+  [ max-cache-size size_spec ; ]
+  [ match-mapped-addresses yes_or_no ; ]
+  [ filter-aaaa-on-v4 ( yes_or_no | break-dnssec ) ; ]
+  [ filter-aaaa-on-v6 ( yes_or_no | break-dnssec ) ; ]
+  [ filter-aaaa { address_match_list } ; ]
+  [ dns64 ipv6-prefix {
+      [ clients { address_match_list } ; ]
+      [ mapped { address_match_list } ; ]
+      [ exclude { address_match_list } ; ]
+      [ suffix ip6-address ; ]
+      [ recursive-only yes_or_no ; ]
+      [ break-dnssec yes_or_no ; ]
+    } ; ]
+  [ dns64-server name ]
+  [ dns64-contact name ]
+  [ preferred-glue ( A | AAAA | none ); ]
+  [ edns-udp-size number ; ]
+  [ max-udp-size number ; ]
+  [ max-rsa-exponent-size number ; ]
+  [ root-delegation-only [ exclude { namelist } ] ; ]
+  [ querylog yes_or_no ; ]
+  [ disable-algorithms domain { algorithm ; ... } ; ]
+  [ disable-ds-digests domain { digest_type ; ... } ; ]
+  [ acache-enable yes_or_no ; ]
+  [ acache-cleaning-interval number ; ]
+  [ max-acache-size size_spec ; ]
+  [ max-recursion-depth number ; ]
+  [ max-recursion-queries number ; ]
+  [ masterfile-format ( text | raw | map ) ; ]
+  [ empty-server name ; ]
+  [ empty-contact name ; ]
+  [ empty-zones-enable yes_or_no ; ]
+  [ disable-empty-zone zone_name ; ]
+  [ zero-no-soa-ttl yes_or_no ; ]
+  [ zero-no-soa-ttl-cache yes_or_no ; ]
+  [ resolver-query-timeout number ; ]
+  [ deny-answer-addresses { address_match_list }
+      [ except-from { namelist } ] ; ]
+  [ deny-answer-aliases { namelist }
+      [ except-from { namelist } ] ; ]
+  [ prefetch number [ number ] ; ]
+  [ rate-limit {
+      [ responses-per-second number ; ]
+      [ referrals-per-second number ; ]
+      [ nodata-per-second number ; ]
+      [ nxdomains-per-second number ; ]
+      [ errors-per-second number ; ]
+      [ all-per-second number ; ]
+      [ window number ; ]
+      [ log-only yes_or_no ; ]
+      [ qps-scale number ; ]
+      [ ipv4-prefix-length number ; ]
+      [ ipv6-prefix-length number ; ]
+      [ slip number ; ]
+      [ exempt-clients { address_match_list } ; ]
+      [ max-table-size number ; ]
+      [ min-table-size number ; ]
+    } ; ]
+  [ response-policy {
+        zone zone_name
+      [ policy ( given | disabled | passthru | drop |
+                 tcp-only | nxdomain | nodata | cname domain ) ]
+      [ recursive-only yes_or_no ]
+      [ max-policy-ttl number ] ;
+         ...
+    }
+      [ recursive-only yes_or_no ]
+      [ max-policy-ttl number ]
+      [ break-dnssec yes_or_no ]
+      [ min-ns-dots number ]
+      [ qname-wait-recurse yes_or_no ] ; ]
+} ; ]
@@ -2693,7 +2695,7 @@ badresp:1,adberr:0,findfail:0,valfail:0] able to load the public and private keys from files in the working directory. In - most cases, the keyname should be the server's host name. + most cases, the key_name should be the server's host name.

cache-file

@@ -7116,31 +7118,35 @@ example.com CNAME rpz-tcp-only.

server Statement Grammar

-
server ip_addr[/prefixlen] {
-    [ bogus yes_or_no ; ]
-    [ provide-ixfr yes_or_no ; ]
-    [ request-ixfr yes_or_no ; ]
-    [ request-nsid yes_or_no ; ]
-    [ request-sit yes_or_no ; ]
-    [ edns yes_or_no ; ]
-    [ edns-udp-size number ; ]
-    [ max-udp-size number ; ]
-    [ tcp-only yes_or_no ; ]
-    [ transfers number ; ]
-    [ transfer-format ( one-answer | many-answers ) ; ]]
-    [ keys { key_id }; ]
-    [ transfer-source (ip4_addr | *) [port ip_port] [dscp ip_dscp] ; ]
-    [ transfer-source-v6 (ip6_addr | *) [port ip_port] [dscp ip_dscp] ; ]
-    [ notify-source (ip4_addr | *) [port ip_port] [dscp ip_dscp] ; ]
-    [ notify-source-v6 (ip6_addr | *) [port ip_port] [dscp ip_dscp] ; ]
-    [ query-source [ address ( ip_addr | * ) ]
-                  [ port ( ip_port | * ) ] [dscp ip_dscp] ; ]
-    [ query-source-v6 [ address ( ip_addr | * ) ]
-                     [ port ( ip_port | * ) ] [dscp ip_dscp] ; ]
-    [ use-queryport-pool yes_or_no; ]
-    [ queryport-pool-ports number; ]
-    [ queryport-pool-updateinterval number; ]
-};
+
server ( ip_addr | ip_prefix ) {
+  [ bogus yes_or_no ; ]
+  [ provide-ixfr yes_or_no ; ]
+  [ request-ixfr yes_or_no ; ]
+  [ request-nsid yes_or_no ; ]
+  [ request-sit yes_or_no ; ]
+  [ edns yes_or_no ; ]
+  [ edns-udp-size number ; ]
+  [ max-udp-size number ; ]
+  [ tcp-only yes_or_no ; ]
+  [ transfers number ; ]
+  [ transfer-format ( one-answer | many-answers ) ; ]
+  [ keys { key_id } ; ]
+  [ transfer-source ( ip4_addr | * )
+      [ port ip_port ] [ dscp ip_dscp ] ; ]
+  [ transfer-source-v6 ( ip6_addr | * )
+      [ port ip_port ] [ dscp ip_dscp ] ; ]
+  [ notify-source ( ip4_addr | * )
+      [ port ip_port ] [ dscp ip_dscp ] ; ]
+  [ notify-source-v6 ( ip6_addr | * )
+      [ port ip_port ] [ dscp ip_dscp ] ; ]
+  [ query-source ( [ address ] ( ip_addr | * ) )
+      [ port ( ip_port | * ) ] [ dscp ip_dscp ] ; ]
+  [ query-source-v6 ( [ address ] ( ip_addr | * ) )
+      [ port ( ip_port | * ) ] [ dscp ip_dscp ] ; ]
+  [ use-queryport-pool yes_or_no ; ]
+  [ queryport-pool-ports number ; ]
+  [ queryport-pool-updateinterval number ; ]
+} ;
@@ -7344,11 +7350,11 @@ example.com CNAME rpz-tcp-only.

statistics-channels Statement Grammar

-
statistics-channels {
-   [ inet ( ip_addr | * ) [ port ip_port ]
-   [ allow {  address_match_list  } ]; ]
-   [ inet ...; ]
-};
+
statistics-channels {
+  [ inet ( ip_addr | * ) [ port ip_port ]
+      [ allow {  address_match_list  } ] ; ]
+    ...
+};
@@ -7461,10 +7467,10 @@ example.com CNAME rpz-tcp-only.

trusted-keys Statement Grammar

-
trusted-keys {
-    string number number number string ;
-    [ string number number number string ; [...]]
-};
+
trusted-keys {
+  ( domain_name flags protocol algorithm key_data ; )
+    ...
+} ;
@@ -7510,10 +7516,10 @@ example.com CNAME rpz-tcp-only.

managed-keys Statement Grammar

-
managed-keys {
-    name initial-key flags protocol algorithm key-data ;
-    [ name initial-key flags protocol algorithm key-data ; [...]]
-};
+
managed-keys {
+  ( domain_name initial_key flags protocol algorithm key_data ; )
+    ...
+} ;
@@ -7586,9 +7592,9 @@ example.com CNAME rpz-tcp-only. sees the managed-keys statement, checks to make sure RFC 5011 key maintenance has already been initialized for the specified domain, and if so, it simply moves on. The - key specified in the managed-keys is not - used to validate answers; it has been superseded by the key or - keys stored in the managed keys database. + key specified in the managed-keys + statement is not used to validate answers; it has been + superseded by the key or keys stored in the managed keys database.

The next time named runs after a name @@ -7599,25 +7605,28 @@ example.com CNAME rpz-tcp-only. domain.

- named only maintains a single managed keys - database; consequently, unlike trusted-keys, - managed-keys may only be set at the top - level of named.conf, not within a view. + In the current implementation, the managed keys database + is stored as a master-format zone file.

- In the current implementation, the managed keys database is - stored as a master-format zone file called - managed-keys.bind. When the key database - is changed, the zone is updated. As with any other dynamic - zone, changes will be written into a journal file, - managed-keys.bind.jnl. They are committed - to the master file as soon as possible afterward; in the case - of the managed key database, this will usually occur within 30 + On servers which do not use views, this file is named + managed-keys.bind. When views are in + use, there will be a separate managed keys database for each + view; the filename will be a hash of the view name followed by + the suffix .mkeys. +

+

+ When the key database is changed, the zone is updated. + As with any other dynamic zone, changes will be written + into a journal file, e.g., + managed-keys.bind.jnl. + Changes are committed to the master file as soon as + possible afterward; this will usually occur within 30 seconds. So, whenever named is using - automatic key maintenance, those two files can be expected to - exist in the working directory. (For this reason among others, - the working directory should be always be writable by - named.) + automatic key maintenance, the zone file and journal file + can be expected to exist in the working directory. + (For this reason among others, the working directory + should be always be writable by named.)

If the dnssec-validation option is @@ -7627,22 +7636,23 @@ example.com CNAME rpz-tcp-only. option is set to auto, named will automatically initialize a managed key for the zone dlv.isc.org. - In both cases, the key that is used to initialize the key - maintenance process is built into named, - and can be overridden from bindkeys-file. + (Note: The ISC DLV service is expected to cease operation by + the end of 2017.) In both cases, the key that is used to + initialize the key maintenance process is built into + named, and can be overridden from + bindkeys-file.

view Statement Grammar

-
view view_name
-      [class] {
-      match-clients { address_match_list };
-      match-destinations { address_match_list };
-      match-recursive-only yes_or_no ;
-      [ view_option; ...]
-      [ zone_statement; ...]
-};
+
view view_name [ class ] {
+    match-clients { address_match_list } ;
+    match-destinations { address_match_list } ;
+    match-recursive-only yes_or_no ;
+  [ view_option ; ... ]
+  [ zone_statement ; ... ]
+} ;
@@ -7769,201 +7779,211 @@ view "external" {

zone Statement Grammar

-
zone zone_name [class] {
-    type master;
-    [ allow-query { address_match_list }; ]
-    [ allow-query-on { address_match_list }; ]
-    [ allow-transfer { address_match_list }; ]
-    [ allow-update { address_match_list }; ]
-    [ update-check-ksk yes_or_no; ]
-    [ dnssec-dnskey-kskonly yes_or_no; ]
-    [ dnssec-loadkeys-interval number; ]
-    [ update-policy local | { update_policy_rule [...] }; ]
-    [ also-notify [port ip_port] [dscp ip_dscp] { ( masters_list | ip_addr
-                              [port ip_port]
-                              [key key] ) ; [...] }; ]
-    [ check-names (warn|fail|ignore) ; ]
-    [ check-mx (warn|fail|ignore) ; ]
-    [ check-wildcard yes_or_no; ]
-    [ check-spf ( warn | ignore ); ]
-    [ check-integrity yes_or_no ; ]
-    [ dialup dialup_option ; ]
-    [ file string ; ]
-    [ masterfile-format (text|raw|map) ; ]
-    [ journal string ; ]
-    [ max-journal-size size_spec; ]
-    [ forward (only|first) ; ]
-    [ forwarders { [ ip_addr [port ip_port] [dscp ip_dscp] ; ... ] }; ]
-    [ ixfr-base string ; ]
-    [ ixfr-from-differences yes_or_no; ]
-    [ ixfr-tmp-file string ; ]
-    [ maintain-ixfr-base yes_or_no ; ]
-    [ max-ixfr-log-size number ; ]
-    [ max-transfer-idle-out number ; ]
-    [ max-transfer-time-out number ; ]
-    [ notify yes_or_no | explicit | master-only ; ]
-    [ notify-delay seconds ; ]
-    [ notify-to-soa yes_or_no; ]
-    [ pubkey number number number string ; ]
-    [ notify-source (ip4_addr | *) [port ip_port] [dscp ip_dscp] ; ]
-    [ notify-source-v6 (ip6_addr | *) [port ip_port] [dscp ip_dscp] ; ]
-    [ zone-statistics full | terse | none; ]
-    [ sig-validity-interval number [number] ; ]
-    [ sig-signing-nodes number ; ]
-    [ sig-signing-signatures number ; ]
-    [ sig-signing-type number ; ]
-    [ database string ; ]
-    [ min-refresh-time number ; ]
-    [ max-refresh-time number ; ]
-    [ min-retry-time number ; ]
-    [ max-retry-time number ; ]
-    [ key-directory path_name; ]
-    [ auto-dnssec allow|maintain|off; ]
-    [ inline-signing yes_or_no; ]
-    [ zero-no-soa-ttl yes_or_no ; ]
-    [ serial-update-method increment|unixtime; ]
-    [ max-zone-ttl number ; ]
-};
+
zone zone_name [ class ] {
+    type master ;
+  [ allow-query { address_match_list } ; ]
+  [ allow-query-on { address_match_list } ; ]
+  [ allow-transfer { address_match_list } ; ]
+  [ allow-update { address_match_list } ; ]
+  [ update-check-ksk yes_or_no ; ]
+  [ dnssec-dnskey-kskonly yes_or_no ; ]
+  [ dnssec-loadkeys-interval number ; ]
+  [ update-policy local | { update_policy_rule ; ...  } ; ]
+  [ also-notify [ port ip_port ] [ dscp ip_dscp ] {
+      ( masters_list | ip_addr [ port ip_port ] ) [ key key_name ] ;
+        ...
+    } ; ]
+  [ check-names ( warn | fail | ignore ) ; ]
+  [ check-mx ( warn | fail | ignore ) ; ]
+  [ check-wildcard yes_or_no ; ]
+  [ check-spf ( warn | ignore ); ]
+  [ check-integrity yes_or_no ; ]
+  [ dialup dialup_option ; ]
+  [ file string ; ]
+  [ masterfile-format ( text | raw | map ) ; ]
+  [ journal string ; ]
+  [ max-journal-size size_spec ; ]
+  [ forward ( only | first ) ; ]
+  [ forwarders { [ ip_addr [ port ip_port ] [ dscp ip_dscp ] ; ... ] } ; ]
+  [ ixfr-base string ; ]
+  [ ixfr-from-differences yes_or_no ; ]
+  [ ixfr-tmp-file string ; ]
+  [ maintain-ixfr-base yes_or_no ; ]
+  [ max-ixfr-log-size number ; ]
+  [ max-transfer-idle-out number ; ]
+  [ max-transfer-time-out number ; ]
+  [ notify yes_or_no | explicit | master-only ; ]
+  [ notify-delay seconds ; ]
+  [ notify-to-soa yes_or_no ; ]
+  [ pubkey number number number string ; ]
+  [ notify-source ( ip4_addr | * )
+      [ port ip_port ] [ dscp ip_dscp ] ; ]
+  [ notify-source-v6 ( ip6_addr | * )
+      [ port ip_port ] [ dscp ip_dscp ] ; ]
+  [ zone-statistics ( full | terse | none ) ; ]
+  [ sig-validity-interval number [ number ] ; ]
+  [ sig-signing-nodes number ; ]
+  [ sig-signing-signatures number ; ]
+  [ sig-signing-type number ; ]
+  [ database string ; ]
+  [ min-refresh-time number ; ]
+  [ max-refresh-time number ; ]
+  [ min-retry-time number ; ]
+  [ max-retry-time number ; ]
+  [ key-directory path_name ; ]
+  [ auto-dnssec ( allow | maintain | off ) ; ]
+  [ inline-signing yes_or_no ; ]
+  [ zero-no-soa-ttl yes_or_no ; ]
+  [ serial-update-method ( increment | unixtime ) ; ]
+  [ max-zone-ttl number ; ]
+} ;
 
-zone zone_name [class] {
-    type slave;
-    [ allow-notify { address_match_list }; ]
-    [ allow-query { address_match_list }; ]
-    [ allow-query-on { address_match_list }; ]
-    [ allow-transfer { address_match_list }; ]
-    [ allow-update-forwarding { address_match_list }; ]
-    [ dnssec-update-mode ( maintain | no-resign ); ]
-    [ update-check-ksk yes_or_no; ]
-    [ dnssec-dnskey-kskonly yes_or_no; ]
-    [ dnssec-loadkeys-interval number; ]
-    [ dnssec-secure-to-insecure yes_or_no ; ]
-    [ try-tcp-refresh yes_or_no; ]
-    [ also-notify [port ip_port] [dscp ip_dscp] { ( masters_list | ip_addr
-                              [port ip_port]
-                              [key key] ) ; [...] }; ]
-    [ check-names (warn|fail|ignore) ; ]
-    [ dialup dialup_option ; ]
-    [ file string ; ]
-    [ masterfile-format (text|raw|map) ; ]
-    [ journal string ; ]
-    [ max-journal-size size_spec; ]
-    [ forward (only|first) ; ]
-    [ forwarders { [ ip_addr [port ip_port] [dscp ip_dscp] ; ... ] }; ]
-    [ ixfr-base string ; ]
-    [ ixfr-from-differences yes_or_no; ]
-    [ ixfr-tmp-file string ; ]
-    [ request-ixfr yes_or_no ; ]
-    [ maintain-ixfr-base yes_or_no ; ]
-    [ masters [port ip_port] [dscp ip_dscp] { ( masters_list | ip_addr
-                              [port ip_port]
-                              [dscp ip_dscp]
-                              [key key] ) ; [...] }; ]
-    [ max-ixfr-log-size number ; ]
-    [ max-transfer-idle-in number ; ]
-    [ max-transfer-idle-out number ; ]
-    [ max-transfer-time-in number ; ]
-    [ max-transfer-time-out number ; ]
-    [ notify yes_or_no | explicit | master-only ; ]
-    [ notify-delay seconds ; ]
-    [ notify-to-soa yes_or_no; ]
-    [ pubkey number number number string ; ]
-    [ transfer-source (ip4_addr | *) [port ip_port] [dscp ip_dscp] ; ]
-    [ transfer-source-v6 (ip6_addr | *) [port ip_port] [dscp ip_dscp] ; ]
-    [ alt-transfer-source (ip4_addr | *) [port ip_port] [dscp ip_dscp] ; ]
-    [ alt-transfer-source-v6 (ip6_addr | *)
-                             [port ip_port]
-                             [dscp ip_dscp] ; ]
-    [ use-alt-transfer-source yes_or_no; ]
-    [ notify-source (ip4_addr | *) [port ip_port] [dscp ip_dscp] ; ]
-    [ notify-source-v6 (ip6_addr | *) [port ip_port] [dscp ip_dscp] ; ]
-    [ zone-statistics full | terse | none; ]
-    [ sig-validity-interval number [number] ; ]
-    [ sig-signing-nodes number ; ]
-    [ sig-signing-signatures number ; ]
-    [ sig-signing-type number ; ]
-    [ database string ; ]
-    [ min-refresh-time number ; ]
-    [ max-refresh-time number ; ]
-    [ min-retry-time number ; ]
-    [ max-retry-time number ; ]
-    [ key-directory path_name; ]
-    [ auto-dnssec allow|maintain|off; ]
-    [ inline-signing yes_or_no; ]
-    [ multi-master yes_or_no ; ]
-    [ zero-no-soa-ttl yes_or_no ; ]
-};
+zone zone_name [ class ] {
+    type slave ;
+  [ allow-notify { address_match_list } ; ]
+  [ allow-query { address_match_list } ; ]
+  [ allow-query-on { address_match_list } ; ]
+  [ allow-transfer { address_match_list } ; ]
+  [ allow-update-forwarding { address_match_list } ; ]
+  [ dnssec-update-mode ( maintain | no-resign ); ]
+  [ update-check-ksk yes_or_no ; ]
+  [ dnssec-dnskey-kskonly yes_or_no ; ]
+  [ dnssec-loadkeys-interval number ; ]
+  [ dnssec-secure-to-insecure yes_or_no ; ]
+  [ try-tcp-refresh yes_or_no ; ]
+  [ also-notify [ port ip_port ] [ dscp ip_dscp ] {
+      ( masters_list | ip_addr [ port ip_port ] ) [ key key_name ] ;
+        ...
+    } ; ]
+  [ check-names ( warn | fail | ignore ) ; ]
+  [ dialup dialup_option ; ]
+  [ file string ; ]
+  [ masterfile-format ( text | raw | map ) ; ]
+  [ journal string ; ]
+  [ max-journal-size size_spec ; ]
+  [ forward ( only | first ) ; ]
+  [ forwarders { [ ip_addr [ port ip_port ] [ dscp ip_dscp ] ; ... } ; ]
+  [ ixfr-base string ; ]
+  [ ixfr-from-differences yes_or_no ; ]
+  [ ixfr-tmp-file string ; ]
+  [ request-ixfr yes_or_no ; ]
+  [ maintain-ixfr-base yes_or_no ; ]
+  [ masters [ port ip_port ] [ dscp ip_dscp ] {
+      ( masters_list | ip_addr [ port ip_port ] ) [ key key_name ] ;
+        ...
+    } ; ]
+  [ max-ixfr-log-size number ; ]
+  [ max-transfer-idle-in number ; ]
+  [ max-transfer-idle-out number ; ]
+  [ max-transfer-time-in number ; ]
+  [ max-transfer-time-out number ; ]
+  [ notify ( yes_or_no | explicit | master-only ) ; ]
+  [ notify-delay seconds ; ]
+  [ notify-to-soa yes_or_no ; ]
+  [ pubkey number number number string ; ]
+  [ transfer-source ( ip4_addr | * )
+      [ port ip_port ] [ dscp ip_dscp ] ; ]
+  [ transfer-source-v6 ( ip6_addr | * )
+      [ port ip_port ] [ dscp ip_dscp ] ; ]
+  [ alt-transfer-source ( ip4_addr | * )
+      [ port ip_port ] [ dscp ip_dscp ] ; ]
+  [ alt-transfer-source-v6 ( ip6_addr | * )
+      [ port ip_port ] [ dscp ip_dscp ] ; ]
+  [ use-alt-transfer-source yes_or_no ; ]
+  [ notify-source ( ip4_addr | * )
+      [ port ip_port ] [ dscp ip_dscp ] ; ]
+  [ notify-source-v6 ( ip6_addr | * )
+      [ port ip_port ] [ dscp ip_dscp ] ; ]
+  [ zone-statistics ( full | terse | none ) ; ]
+  [ sig-validity-interval number [ number ] ; ]
+  [ sig-signing-nodes number ; ]
+  [ sig-signing-signatures number ; ]
+  [ sig-signing-type number ; ]
+  [ database string ; ]
+  [ min-refresh-time number ; ]
+  [ max-refresh-time number ; ]
+  [ min-retry-time number ; ]
+  [ max-retry-time number ; ]
+  [ key-directory path_name ; ]
+  [ auto-dnssec ( allow | maintain | off ) ; ]
+  [ inline-signing yes_or_no ; ]
+  [ multi-master yes_or_no ; ]
+  [ zero-no-soa-ttl yes_or_no ; ]
+} ;
 
-zone zone_name [class] {
-    type hint;
-    file string ;
-    [ delegation-only yes_or_no ; ]
-    [ check-names (warn|fail|ignore) ; ] // Not Implemented.
-};
+zone zone_name [ class ] {
+    type hint;
+    file string ;
+  [ delegation-only yes_or_no ; ]
+  [ check-names ( warn | fail | ignore ) ; ] // Not Implemented.
+} ;
 
-zone zone_name [class] {
-    type stub;
-    [ allow-query { address_match_list }; ]
-    [ allow-query-on { address_match_list }; ]
-    [ check-names (warn|fail|ignore) ; ]
-    [ dialup dialup_option ; ]
-    [ delegation-only yes_or_no ; ]
-    [ file string ; ]
-    [ masterfile-format (text|raw|map) ; ]
-    [ forward (only|first) ; ]
-    [ forwarders { [ ip_addr [port ip_port] [dscp ip_dscp] ; ... ] }; ]
-    [ masters [port ip_port] [dscp ip_dscp] { ( masters_list | ip_addr
-                              [port ip_port]
-                              [dscp ip_dscp]
-                              [key key] ) ; [...] }; ]
-    [ max-transfer-idle-in number ; ]
-    [ max-transfer-time-in number ; ]
-    [ pubkey number number number string ; ]
-    [ transfer-source (ip4_addr | *) [port ip_port] [dscp ip_dscp] ; ]
-    [ transfer-source-v6 (ip6_addr | *)
-                         [port ip_port] [dscp ip_dscp] ; ]
-    [ alt-transfer-source (ip4_addr | *) [port ip_port] [dscp ip_dscp] ; ]
-    [ alt-transfer-source-v6 (ip6_addr | *)
-                            [port ip_port] [dscp ip_dscp] ; ]
-    [ use-alt-transfer-source yes_or_no; ]
-    [ zone-statistics full | terse | none; ]
-    [ database string ; ]
-    [ min-refresh-time number ; ]
-    [ max-refresh-time number ; ]
-    [ min-retry-time number ; ]
-    [ max-retry-time number ; ]
-    [ multi-master yes_or_no ; ]
-};
+zone zone_name [ class ] {
+    type stub;
+  [ allow-query { address_match_list } ; ]
+  [ allow-query-on { address_match_list } ; ]
+  [ check-names ( warn | fail | ignore ) ; ]
+  [ dialup dialup_option ; ]
+  [ delegation-only yes_or_no ; ]
+  [ file string ; ]
+  [ masterfile-format ( text | raw | map ) ; ]
+  [ forward ( only | first ) ; ]
+  [ forwarders { [ ip_addr [ port ip_port ] [ dscp ip_dscp ] ; ... ] } ; ]
+  [ masters [ port ip_port ] [ dscp ip_dscp ] {
+      ( masters_list | ip_addr [ port ip_port ] ) [ key key_name ] ;
+        ...
+    } ; ]
+  [ max-transfer-idle-in number ; ]
+  [ max-transfer-time-in number ; ]
+  [ pubkey number number number string ; ]
+  [ transfer-source ( ip4_addr | * )
+      [ port ip_port ] [ dscp ip_dscp ] ; ]
+  [ transfer-source-v6 ( ip6_addr | * )
+      [ port ip_port ] [ dscp ip_dscp ] ; ]
+  [ alt-transfer-source ( ip4_addr | * )
+      [ port ip_port ] [ dscp ip_dscp ] ; ]
+  [ alt-transfer-source-v6 ( ip6_addr | * )
+      [ port ip_port ] [ dscp ip_dscp ] ; ]
+  [ use-alt-transfer-source yes_or_no ; ]
+  [ zone-statistics ( full | terse | none ) ; ]
+  [ database string ; ]
+  [ min-refresh-time number ; ]
+  [ max-refresh-time number ; ]
+  [ min-retry-time number ; ]
+  [ max-retry-time number ; ]
+  [ multi-master yes_or_no ; ]
+} ;
 
-zone zone_name [class] {
-    type static-stub;
-    [ allow-query { address_match_list }; ]
-    [ server-addresses { [ ip_addr ; ... ] }; ]
-    [ server-names { [ namelist ] }; ]
-    [ zone-statistics full | terse | none; ]
-};
+zone zone_name [ class ] {
+    type static-stub;
+  [ allow-query { address_match_list } ; ]
+  [ server-addresses { [ ip_addr ; ... } ; ]
+  [ server-names { [ namelist ] } ; ]
+  [ zone-statistics ( full | terse | none ) ; ]
+} ;
 
-zone zone_name [class] {
-    type forward;
-    [ forward (only|first) ; ]
-    [ forwarders { [ ip_addr [port ip_port] [dscp ip_dscp] ; ... ] }; ]
-    [ delegation-only yes_or_no ; ]
-};
+zone zone_name [ class ] {
+    type forward;
+  [ forward ( only | first ) ; ]
+  [ forwarders { [ ip_addr [ port ip_port ] [ dscp ip_dscp ] ; ... } ; ]
+  [ delegation-only yes_or_no ; ]
+} ;
 
-zone "." [class] {
-    type redirect;
-    file string ;
-    [ masterfile-format (text|raw|map) ; ]
-    [ allow-query { address_match_list }; ]
-    [ max-zone-ttl number ; ]
-};
+zone "." [ class ] {
+    type redirect;
+    file string ;
+  [ masterfile-format ( text | raw | map ) ; ]
+  [ allow-query { address_match_list } ; ]
+  [ max-zone-ttl number ; ]
+} ;
 
-zone zone_name [class] {
-    type delegation-only;
-};
+zone zone_name [ class ] {
+    type delegation-only;
+} ;
 
-zone zone_name [class] {
-    [ in-view string ; ]
-};
+zone zone_name [ class ] {
+  [ in-view string ; ]
+} ;